• Franzia@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    So the basics of what I’ve read is:

    • Discord stores all messages and media. If you delete it, or delete your account, its still there.
    • Discord does not SELL that data. Instead, they hand it over to the ad companies that are the shareholders of Discord.
    • Discord has lots of security flaws that are abused by third parties all the damn time.

    I know its different now because Discord has nitro and there are lots if good reasons to subscribe. But Discord ran without all if that subscriber funding and in that time they probably found ways to make money off of what resources they had at the time… Information.

    • MacN'Cheezus
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Discord stores all messages and media.

      I mean, how else do you think they can make it so all your existing chats show up when you log into your account from a different device? Signal stores all your messages and media as well, the difference is they encrypt it on their servers. Discord doesn’t.

      If you delete it, or delete your account, its still there.

      That’s more problematic, and there should honestly be a law against that. Come to think of it, doesn’t that violate the GRDP? Either they have to treat their EU customers differently when it comes to this, or there’s a lawsuit waiting to happen. In the former case, you might be able to force them to delete your data by using a VPN to pretend you’re in Europe.

      • Chris Ely@fosstodon.org
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        > Signal stores all your messages and media as well, the difference is they encrypt it on their servers.

        What evidence do you have to support this claim?

        The last time I looked into this, messages and media were only stored encrypted on servers until they were retrieved or expired.

        After that, the local device is where things are stored.

        @MacNCheezus

        • MacN'Cheezus
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          1 year ago

          What evidence do you have to support this claim?

          How do they manage to make the same messages appear on multiple devices? I use Signal on my phone and two other computers. Even if one of them is offline, once I go online, it will show the same messages as the other devices, even if I have already seen them on my phone. They sure aren’t going to connect to my phone to pull the messages from there.

          I do think there is a limit to this feature – when you connect a new device, you will not see any history on there. Only messages you receive after activating the device will show up, so it’s possible they just keep track of how many active devices you have, and once a message has been retrieved by all of them, it will be deleted from the server. But that would also mean that if you don’t sign out of a device before retiring it, messages COULD potentially stay on their servers forever, unless they delete them after a certain period.

          • Chris Ely@fosstodon.org
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            1 year ago

            > How do they manage to make the same messages appear on multiple devices?

            For a long time, they didn’t.

            I don’t know for sure, but I expect it involves keys that multiple devices share. Any “linked” device would be able to download the encrypted copy and decrypt the message that way. Once any device has done that, it can send a copy to any other devices using the unique keys it knows for that device.

            This link describes independent queues for devices: https://support.signal.org/hc/en-us/articles/5532268300186-Disappearing-Messages-with-a-Linked-Device

            @MacNCheezus

            • MacN'Cheezus
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Right, that makes sense, although the article doesn’t go into detail about how the server decides when it’s time to delete a message.

              It also doesn’t back up your claim that multiple devices sharing the same account will ever exchange messages amongst each other. Which would be a technical nightmare BTW since they could be located behind firewalls etc. and this still require a central server to coordinate. Might as well keep the middle man in that case and leave the messages on the server until they’ve been retrieved.

              My initial point therefore is mostly correct: messages ARE stored on their servers in encrypted form for an unknown length of time, although likely not forever.

              • Chris Ely@fosstodon.org
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                The algorithm for when to delete could be very simple: 1) is expired? or 2) the client confirmed download.

                Thinking of it as a shared account is likely wrong. Every device has its own place to check. Exchanging messages doesn’t have to mean direct connections. It doesn’t mean that for Signal.

                The messages temporarily on the server can’t be read by the server, that’s the important difference. They also are not stored forever. The storage costs would grow forever that way.

                @MacNCheezus

          • Chris Ely@fosstodon.org
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            > messages COULD potentially stay on their servers forever, unless they delete them after a certain period.

            If you receive a message and no devices are active to retrieve it, then yes it gets deleted from the server and is never decrypted or seen.

            This also means the sender never received the delivery confirmation, or the read confirmation for the message.

            @MacNCheezus

    • Traister101
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      That’s how Reddit works/worked. Probably lemmy too though I haven’t looked too close. Deleting your account doesn’t necessarily mean the content your account created is taken with it. Things not being deleted with your account is a werid thing to cite for spy ware, lots of stuff works like that and you can delete it, just isn’t automatically deleted with your account.

      Discord having security flaws does not make it spy ware. There have been some pretty severe security issues but almost every one I’ve heard of has its roots in a gullible user running some sort of application on their machine or scanning a QR code with the Discord app which makes it extremely clear you are logging into another device… The only one I’m aware of that I found very concerning was iirc a werid video player vulnerability that could yank your token.

      I highly doubt Discord is giving advertisers access to the messages on their platform. That sounds insanely illegal and also largly a waste of time cause if they are doing that it doesn’t work very well.

      • Franzia@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        On reddit you can simply use a tampermonkey script to remove your data. On discord, there is no option to delete all your messages. To the extent that there’s a discussion worth having about whether Discord is following the GDPR.

        Not tackling security issues means discord is okay with third parties exploiting the software to gain info about certain users - which could include hacker groups or government actors targeting single targets.

        I dont think discord can give individual messages over, legally, although they are stored unencrypted on Discord’s server.